GSSAPI or Generic Security Service Application Programming Interface allows login to an SSH server via alternative mechanisms such as Kerberos.

It's useful for those who need the feature, but it's enabled by default and could unnecessarily slow the overall login process if you only use the standard password or public-key authentication methods.

You can disable or enable GSSAPI authentication for SSH via GSSAPIAuthentication directive in your SSHd configuration.

Specifies whether user authentication based on GSSAPI is allowed. The default is no.

Steps to disable or enable GSSAPI authentication in SSH:

  1. Launch your preferred terminal application (optional).
  2. Open SSHd configuration file using your favorite text editor.
    $ sudo vi /etc/ssh/sshd_config
    [sudo] password for user:
  3. Search for GSSAPIAuthentication directive and set the value to no to disable GSSAPIAuthentication authentication method or yes to enable.
    GSSAPIAuthentication no

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

  4. Save and exit the text editor.
  5. Reload or restart SSH server service.
    $ sudo systemctl restart sshd
Discuss the article:

Comment anonymously. Login not required.